CN106257483A - The processing method of electronic data, equipment and system - Google Patents

The processing method of electronic data, equipment and system

Publication number
CN106257483A
Authority
CN
China
Prior art keywords
serial data
equipment
trusted time
electronic data
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510334401.5A
Other languages
Chinese (zh)
Other versions
CN106257483B (en)
Inventor
鹿毅忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuanchuangyun Network Technology Co Ltd
Original Assignee
Beijing Yuanchuangyun Network Technology Co Ltd
Application filed by Beijing Yuanchuangyun Network Technology Co Ltd
Priority to CN201510334401.5A
Publication of CN106257483A
Application granted
Publication of CN106257483B
Legal status: Active

Abstract

The present invention provides a processing method, equipment and system for electronic data. The method includes: obtaining and storing first serial data; sending, to trusted time sign-and-issue equipment, a trusted time sign-and-issue request carrying the first serial data, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request; receiving a response from the trusted time sign-and-issue equipment, the response including second serial data, which includes the first serial data and the trusted time information; and storing the second serial data in association with the first serial data. In the processing method, equipment and system provided by the invention, the first serial data makes it possible to verify the integrity of the electronic data and so ensures that integrity, and the trusted time information signed and issued by the trusted time sign-and-issue equipment ensures the credibility of the time of the electronic data. Moreover, the processing of the electronic data is carried out by a third party that has no interest in common with the user, which improves the public credibility of the electronic data as electronic evidence.

Description

The processing method of electronic data, equipment and system
Technical field
The present invention relates to the field of computer technology, and in particular to a processing method, equipment and system for electronic data.
Background technology
With the spread of computer and network technologies, innovation and entrepreneurship, e-commerce activities and many other kinds of networked human communication occur in large numbers, and electronic data has become an important carrier for transmitting information and recording facts. Common examples are electronic contracts, electronic documents, audio and video data, picture information, web pages, software code, design documents and text messages. Once a dispute or case arises, the relevant electronic data becomes important evidence.
Because electronic data is easily lost and easily tampered with or forged, its originality and integrity are open to question when it is used as evidence. Relevant law also stipulates the original form of electronic data: it must be possible to reliably ensure that, from the time it was finally formed, the content has remained complete and unmodified. Moreover, electronic evidence preserved by a neutral third party generally has greater probative force than electronic evidence preserved by a party concerned. A processing method is therefore urgently needed to ensure the originality and integrity of electronic data.
Summary of the invention
The present invention provides a processing method, equipment and system for electronic data, to ensure the originality and integrity of electronic data.
The present invention provides a processing method for electronic data, including:
obtaining and storing first serial data, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data;
sending, to trusted time sign-and-issue equipment, a trusted time sign-and-issue request carrying the first serial data, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request;
receiving a response from the trusted time sign-and-issue equipment, the response including second serial data, the second serial data including the first serial data and the trusted time information;
storing the second serial data in association with the first serial data.
The present invention provides a processing method for electronic data, including:
receiving a trusted time sign-and-issue request that is sent by deposit card equipment and carries first serial data, and signing and issuing trusted time information based on the time at which the request is received, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data;
sending a response to the deposit card equipment, the response including second serial data, the second serial data including the first serial data and the trusted time information.
The present invention provides deposit card equipment, including:
a first processing unit, configured to obtain and store first serial data, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data;
a time request unit, configured to send, to trusted time sign-and-issue equipment, a trusted time sign-and-issue request carrying the first serial data, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request;
a second processing unit, configured to receive a response from the trusted time sign-and-issue equipment, the response including second serial data, the second serial data including the first serial data and the trusted time information;
a third processing unit, configured to store the second serial data in association with the first serial data.
The present invention provides trusted time sign-and-issue equipment, including:
a receiving unit, configured to receive a trusted time sign-and-issue request that is sent by deposit card equipment and carries first serial data, and to sign and issue trusted time information based on the time at which the request is received, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data;
a response unit, configured to send a response to the deposit card equipment, the response including second serial data, the second serial data including the first serial data and the trusted time information.
The present invention provides a processing system for electronic data, including:
the deposit card equipment provided by the present invention; and
the trusted time sign-and-issue equipment provided by the present invention.
In the processing method, equipment and system for electronic data provided by the present invention, first serial data is obtained and stored, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data; a trusted time sign-and-issue request carrying the first serial data is sent to trusted time sign-and-issue equipment, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request; a response is received from the trusted time sign-and-issue equipment, the response including second serial data, which includes the first serial data and the trusted time information; and the second serial data is stored in association with the first serial data. The first serial data makes it possible to verify the integrity of the electronic data and so ensures that integrity. The trusted time information is signed and issued by trusted time sign-and-issue equipment whose time is synchronized with a trusted time source, which ensures the credibility of the time of the electronic data. Moreover, the processing of the electronic data is carried out by a third party that has no interest in common with the user, which improves the public credibility of the electronic data as electronic evidence.
Description of the accompanying drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a processing method for electronic data provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another processing method for electronic data provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of deposit card equipment provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another deposit card equipment provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of trusted time sign-and-issue equipment provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of another trusted time sign-and-issue equipment provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a processing system for electronic data provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another processing system for electronic data provided by an embodiment of the present invention.
Detailed description of the invention
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of a processing method for electronic data provided by an embodiment of the present invention. As shown in Fig. 1, the processing method provided by this embodiment is applicable to any deposit card processing of electronic data, to ensure the originality and integrity of the electronic data. The method can be implemented on a deposit system that includes user equipment, deposit card equipment and trusted time sign-and-issue equipment. The method can be performed by the deposit card equipment and specifically includes the following steps:
Step A101: obtain and store first serial data, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data;
Step A102: send, to the trusted time sign-and-issue equipment, a trusted time sign-and-issue request carrying the first serial data, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request;
Step A103: receive the response of the trusted time sign-and-issue equipment, the response including second serial data, the second serial data including the first serial data and the trusted time information;
Step A104: store the second serial data in association with the first serial data.
Specifically, the user equipment can be an electronic device with a processing unit, such as a PC, notebook computer, smartphone or tablet computer. A client application is installed on the user equipment, or interaction with the deposit card equipment takes place through a web page. The electronic data can be electronic data in any format; its content can be plain text, pictures, audio and video, web pages, short messages, e-mail and so on. The electronic data can be stored in the user equipment, obtained by the user equipment from other equipment, or produced by the user equipment in real time, such as a video or photo being shot or audio being recorded.
When a user needs to deposit electronic data, the user can select the electronic data through the user equipment or produce it in real time. The first serial data is generated based on the electronic data, and the generation can take place on the user equipment side or on the deposit card equipment side. The user equipment can process the electronic data to be deposited to generate the first serial data and send the first serial data to the deposit card equipment; it can send the first serial data together with the electronic data to the deposit card equipment; or it can send the electronic data to the deposit card equipment, which processes the electronic data to generate the first serial data. Depending on the needs of the actual application scenario, the user equipment can also send account information, operator information, equipment information, upload time information, self-description information about the electronic data and the like to the deposit card equipment, so that the first serial data and/or the electronic data can be managed.
The first serial data is generated based on the electronic data and uniquely identifies the electronic data. The user equipment or the deposit card equipment can process the electronic data according to a preset hash algorithm, such as Message Digest Algorithm version 5 (MD5) or the Secure Hash Algorithm (SHA), to obtain the hash value of the electronic data, that is, the first serial data. To improve the security of data transmission, data exchanged between the user equipment and the deposit card equipment can pass through a Hypertext Transfer Protocol (HTTP) encrypted channel. If the user equipment sends both the first serial data and the electronic data to the deposit card equipment, they can be sent one after the other or at the same time, and depending on the size of the electronic data and on network conditions, the order in which the deposit card equipment receives them may differ. When the electronic data is large, a longer transmission time may be needed, in which case the deposit card equipment may receive the first serial data first.
The deposit card equipment obtains the first serial data in one of the ways above, stores it, and requests a trusted time from the trusted time sign-and-issue equipment. The time of the trusted time sign-and-issue equipment is synchronized with a trusted time source. The trusted time source specifically includes: a long-wave signal or satellite signal issued by a time service center to identify the trusted time; or a trusted time issued by a trusted time authority; or a trusted time provided by a hardware system that meets the requirements of the relevant standards, such as an atomic clock. This ensures that the time synchronized from the trusted time source is credible and auditable; its form of implementation is not limited by this embodiment. Specifically, the deposit card equipment sends a trusted time sign-and-issue request carrying the first serial data to the trusted time sign-and-issue equipment; the trusted time sign-and-issue equipment records the time at which it receives this timestamp sign-and-issue request and signs and issues that time to the deposit card equipment as the trusted time information. The trusted time sign-and-issue equipment sends a response to the deposit card equipment; the response includes the second serial data, which includes the first serial data and the trusted time information.
In an actual implementation, the trusted time sign-and-issue equipment generally uses its own sign-and-issue private key to sign the second serial data, to show that the trusted time information was signed and issued by this trusted time sign-and-issue equipment. The deposit card equipment stores the second serial data in association with the first serial data; the storage system of the deposit card equipment can be implemented with existing database or cloud storage technology. The trusted time sign-and-issue equipment can also send its own sign-and-issue public key to the deposit card equipment.
When a user needs the deposit card equipment to testify for electronic data, the user equipment can send a testify request to the deposit card equipment. The request can carry the first serial data. The deposit card equipment determines the second serial data from the first serial data and sends the second serial data and the sign-and-issue public key to the user equipment. The signature of the second serial data is verified with the sign-and-issue public key; after successful verification, the first serial data and the trusted time information that proves the time at which the first serial data was fixed are obtained, and the integrity of the electronic data is then verified with the first serial data. Through these steps the originality and integrity of the electronic data can be verified. The electronic data is therefore traceable, auditable and not tampered with, and the user can have it accepted as electronic evidence.
In the processing method for electronic data provided by this embodiment, first serial data is obtained and stored, the first serial data being generated based on an item of electronic data and uniquely related to the electronic data; a trusted time sign-and-issue request carrying the first serial data is sent to the trusted time sign-and-issue equipment, so that the trusted time sign-and-issue equipment signs and issues trusted time information based on the time at which it receives the request; the response of the trusted time sign-and-issue equipment is received, the response including second serial data, which includes the first serial data and the trusted time information; and the second serial data is stored in association with the first serial data. The first serial data makes it possible to verify the integrity of the electronic data and so ensures that integrity. The trusted time information is signed and issued by trusted time sign-and-issue equipment whose time is synchronized with a trusted time source, which ensures the credibility of the time of the electronic data. Moreover, the processing of the electronic data is carried out by a third party that has no interest in common with the user, which improves the public credibility of the electronic data as electronic evidence.
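The deposit flow of steps A101 to A104 and the later testify check, as an added example that is not code from the patent. It assumes SHA-256 as the preset hash algorithm and ECDSA over P-256 as the signature algorithm; the names `TimeIssuer`, `DepositStore`, `Verify` and the error values are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var (
	ErrRetransmit   = errors.New("upload does not match first serial data: retransmit")
	ErrBadSignature = errors.New("signature on second serial data is invalid")
	ErrDataModified = errors.New("electronic data does not match first serial data")
)

// SecondSerialData is the response of the trusted time sign-and-issue equipment.
type SecondSerialData struct {
	First       []byte    // first serial data (hash of the electronic data)
	TrustedTime time.Time // time at which the request was received
	Signature   []byte    // signature binding First to TrustedTime
}

// FirstSerialData hashes the electronic data (SHA-256 is an assumption of this example).
func FirstSerialData(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// signedDigest covers the hash and the time together, so neither can be swapped alone.
func signedDigest(first []byte, t time.Time) []byte {
	h := sha256.New()
	h.Write(first)
	binary.Write(h, binary.BigEndian, t.UnixNano())
	return h.Sum(nil)
}

// TimeIssuer models the trusted time sign-and-issue equipment.
type TimeIssuer struct {
	Key *ecdsa.PrivateKey // sign-and-issue private key
	Now func() time.Time  // assumed to be synchronized with a trusted time source
}

func NewTimeIssuer(now func() time.Time) (*TimeIssuer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &TimeIssuer{Key: key, Now: now}, err
}

// Issue stamps the request with its time of receipt and signs the result.
func (ti *TimeIssuer) Issue(first []byte) (SecondSerialData, error) {
	t := ti.Now().UTC()
	sig, err := ecdsa.SignASN1(rand.Reader, ti.Key, signedDigest(first, t))
	if err != nil {
		return SecondSerialData{}, err
	}
	return SecondSerialData{First: first, TrustedTime: t, Signature: sig}, nil
}

type DepositStore map[string]SecondSerialData // deposit card equipment: first -> second

// Deposit checks the upload against the claimed hash (A101), requests a trusted
// time (A102, A103) and stores the second serial data keyed by the first (A104).
func (s DepositStore) Deposit(data, first []byte, ti *TimeIssuer) error {
	if !bytes.Equal(FirstSerialData(data), first) {
		return ErrRetransmit
	}
	second, err := ti.Issue(first)
	if err != nil {
		return err
	}
	s[string(first)] = second
	return nil
}

// Verify is the testify check: signature first, then integrity of the data itself.
func Verify(data []byte, second SecondSerialData, pub *ecdsa.PublicKey) (time.Time, error) {
	if !ecdsa.VerifyASN1(pub, signedDigest(second.First, second.TrustedTime), second.Signature) {
		return time.Time{}, ErrBadSignature
	}
	if !bytes.Equal(FirstSerialData(data), second.First) {
		return time.Time{}, ErrDataModified
	}
	return second.TrustedTime, nil
}

func main() {
	ti, err := NewTimeIssuer(time.Now)
	if err != nil {
		panic(err)
	}
	data := []byte("constructed sample: contents of a design file")
	store, first := DepositStore{}, FirstSerialData(data)
	fmt.Println("deposit error:", store.Deposit(data, first, ti))
	fmt.Println(Verify(data, store[string(first)], &ti.Key.PublicKey))              // original file
	fmt.Println(Verify(append(data, '!'), store[string(first)], &ti.Key.PublicKey)) // modified file
}
```

Because the signature covers the hash and the time together, a record whose time has been altered fails the signature check before the data is even compared.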
In this embodiment, step A101, obtaining and storing the first serial data, may specifically include:
receiving the first serial data and the electronic data sent by the user equipment, using the first serial data to verify the integrity of the electronic data, and, if verification succeeds, storing the electronic data in association with the first serial data.
In one implementation, the user equipment generates the first serial data from the electronic data and sends both the first serial data and the electronic data to the deposit card equipment. After receiving them, the deposit card equipment can first verify the electronic data with the first serial data to ensure the integrity of the electronic data. In this case no additional integrity verification mechanism needs to be set up between the deposit card equipment and the user equipment; the deposit card equipment verifies the electronic data through the first serial data. If verification succeeds, the electronic data and the first serial data are stored in association. For interaction with a large number of users and storage of massive data, interaction between the deposit card equipment and the user equipment can use peer-to-peer (P2P) technology, and the deposit card equipment can store the electronic data uploaded by users in a storage device, which can be a distributed storage device. The deposit card equipment stores the electronic data in the storage device, obtains the storage address, and stores the storage address in association with the first serial data.
In this embodiment, the step of using the first serial data to verify the integrity of the electronic data may specifically include:
processing the electronic data according to a preset hash algorithm to obtain a validation value, and comparing the validation value with the first serial data; if the validation value and the first serial data are identical, verification succeeds.
In this embodiment, the step of using the first serial data to verify the integrity of the electronic data may also include:
if the validation value and the first serial data differ, verification fails, and retransmission instruction information is sent to the user equipment.
Specifically, the integrity verification process can be as follows: the deposit card equipment processes the electronic data according to a preset hash algorithm to obtain a validation value, this preset hash algorithm being the same as the one used by the user equipment to generate the first serial data. Verifying the integrity of the electronic data by hash value is simple to implement and easy to check. If the validation value and the first serial data are identical, verification succeeds; otherwise verification fails. If verification fails, the deposit card equipment sends upload-failure instruction information or retransmission instruction information to the user equipment, to prompt the user to upload the electronic data again. If verification succeeds, the electronic data is stored in association with the first serial data, and trusted time information is requested from the trusted time sign-and-issue equipment.
In another implementation, after generating the first serial data from the electronic data, the user equipment sends the first serial data to the deposit card equipment, to reduce the storage space occupied on the deposit card equipment.
In yet another implementation, the function of the user equipment can be simplified: the user equipment sends the electronic data to the deposit card equipment, and the deposit card equipment generates the first serial data from the electronic data. To ensure the integrity of data transmission, check bits or other verification means can be added to the data transport protocol between the user equipment and the deposit card equipment, to avoid data loss in transmission.
In this embodiment, the method can also include the following step:
the trusted time sign-and-issue equipment signs the second serial data with the sign-and-issue private key.
Specifically, the trusted time sign-and-issue equipment uses its own sign-and-issue private key to sign the second serial data. This signing can be implemented with RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, the Ong-Schnorr-Shamir digital signature algorithm, DES/DSA, the elliptic curve digital signature algorithm, the finite automaton digital signature algorithm and so on. The deposit card equipment or the user equipment can verify the signature of the second serial data with the sign-and-issue public key, to prove that the trusted time information was signed and issued by this trusted time sign-and-issue equipment, which improves the security of the second serial data.
In this embodiment, the method can also include the following steps:
the trusted time sign-and-issue equipment sends the sign-and-issue public key and trusted time sign-and-issue equipment information to authenticating equipment;
the authenticating equipment encrypts the sign-and-issue public key and the trusted time sign-and-issue equipment information with a verification private key to generate a digital certificate, and sends the digital certificate and a verification public key to the trusted time sign-and-issue equipment;
the trusted time sign-and-issue equipment receives the digital certificate and the verification public key, and sends the digital certificate and the verification public key;
the digital certificate and the verification public key sent by the trusted time sign-and-issue equipment are received.
Specifically, to improve the credibility of the trusted time sign-and-issue equipment, authenticating equipment can also be provided in the deposit system, and the authenticating equipment authenticates the identity of the trusted time sign-and-issue equipment. The trusted time sign-and-issue equipment sends the sign-and-issue public key and sign-and-issue server information to the authenticating equipment; the authenticating equipment encrypts the sign-and-issue public key and the sign-and-issue server information with the verification private key to generate a digital certificate, and sends the digital certificate and the verification public key to the trusted time sign-and-issue equipment. The trusted time sign-and-issue equipment sends the digital certificate and the verification public key to the deposit card equipment.
In this embodiment, the method can also include the following step:
sending the second serial data, the digital certificate and the verification public key.
Specifically, the deposit card equipment can send the second serial data, the digital certificate and the verification public key to the user equipment, or to another party that needs testimony for the electronic data. When the user or another party needs testimony for the electronic data, a testify request can be sent to the deposit card equipment through the user equipment or through an interface provided by the deposit card equipment. The request can carry the first serial data. The deposit card equipment determines the second serial data from the first serial data and sends the second serial data and the verification public key to the requesting party. The requesting party verifies the digital certificate in the second serial data with the verification public key, which determines whether the identity of the trusted time sign-and-issue equipment is legitimate. If verification succeeds, the signature of the second serial data is verified with the sign-and-issue public key in the digital certificate; after successful verification, the first serial data and the trusted time information that proves the time at which the first serial data was fixed are obtained. The integrity of the electronic data is verified with the first serial data; the specific process is not repeated here.
In the present embodiment, the method also comprises the steps:
Before electronic data and the first serial data are associated storage, send according to the subscriber equipment receivedEncrypting storing instruction information or judgement know that electronic data is encryption data, and electronic data is encrypted placeReason.
Specifically, user can need to be encrypted electronic data in advance according to the secrecy of oneself,Or select function of keeping secret, when user have selected secrecy merit when uploading this electronic data by subscriber equipmentCan time, subscriber equipment can indicate to be deposited card equipment and preserves this encrypted electronic data.In both cases,Deposit card equipment to store after encrypted electronic data again, to improve the safety of electronic data further.
In the present embodiment, the method also comprises the steps:
After electronic data and the first serial data are associated storage, send to subscriber equipment and preserve success receiptMessage, is preserved success receipt message and includes the description information of electronic data and believed by the time of integrity verificationBreath.
Specifically, when deposit card equipment by electronic data store after can to subscriber equipment send preserve success receiptMessage, to inform that user deposits card service and received and saved the data that user uploads.This preservation successCan include description information and the holding time information of electronic data in acknowledgement message, the information of description such as may be usedThinking the form of electronic data, size etc., holding time information deposits card equipment preservation electron number in order to indicateAccording to time.
In the present embodiment, the method also comprises the steps:
After reception trusted time signs and issues the response of equipment, deposit card success receipt to subscriber equipment transmission and disappearBreath, wherein, deposits card success receipt message and includes user's real name information, the first serial data and deposit card temporal information.
Specifically, deposit card success receipt message and the most successfully deposit card for the data indicating user to upload, deposit cardSuccess receipt message can be showed by various ways, and as deposited card certificate, depositing record on card certificate has firstSerial data, deposits and deposits the card time, so that what to prove corresponding to the Real Name of witness and trusted timestampWhat what electronic data when people completed deposits card.
In the present embodiment, this also comprises the steps:
Receive subscriber equipment and send self-description information, self-description information and the first serial data are associated storage.
Specifically, self-description information is user's description to electronic data, in order to electronic data orThe management of the first serial data, the most several key word of self-description information or passage, deposit card equipmentSelf-description information and the first serial data are associated storage, and user can be come the first number by self-description informationRetrieve according to string.
The steps of the electronic data processing method provided by this embodiment are described in detail below, taking as an example a user equipment that is a smartphone on which an application (APP) that interacts with the evidence-deposit device is installed.
The user installs the APP on the smartphone, registers an account and completes real-name authentication. When the user needs to deposit electronic data as evidence, the user logs in to the APP with the personal account. The APP offers several ways to obtain electronic data: selecting it locally, generating it in real time, and fetching it from the network side, where the network side can be the user's network disk or other network storage space. For example, the user selects locally a CAD (Computer Aided Design) format file of the user's own design. The APP displays a submission prompt page, which can provide "confidential" and "public" options for the user to choose from as needed. When the user selects "confidential", the evidence-deposit device does not disclose the CAD file after storing it, and users other than this user cannot browse the file over the network. When the user selects "public", the evidence-deposit device discloses the CAD file after storing it, and other users can see the file.
The user does not want to disclose the design, selects "confidential" on the submission prompt page and submits. The APP processes the selected CAD file into the first serial data according to a preset hash algorithm; the first serial data is uniquely related to the CAD file. The APP sends an evidence-deposit request to the evidence-deposit device. The request carries the CAD file and the first serial data, together with other indication information such as "confidential" storage. After receiving the request, the evidence-deposit device processes the CAD file into a validation value according to the preset hash algorithm and compares the validation value with the first serial data: if they are the same, verification succeeds; otherwise verification fails. If verification succeeds, the evidence-deposit device encrypts the CAD file, stores it under the user's account in association with the first serial data, and sends the user's APP a save-success receipt message that includes description information such as the name, format and size of the CAD file, and the time at which the file was saved. If verification fails, the evidence-deposit device sends the user's APP indication information to upload the file again.
After the evidence-deposit device has successfully verified the electronic data against the first serial data, it sends a timestamp issuing request carrying the first serial data to the trusted-time issuing device. The trusted-time issuing device issues trusted time information according to the time at which it received the first serial data, and digitally signs the first serial data and the trusted time information with its issuing private key to form the second serial data, which improves the security of the first serial data and the trusted time information in transit.
The trusted-time issuing device can be certified in advance by an authentication device: the trusted-time issuing device sends its issuing public key and issuing-server information to the authentication device; the authentication device encrypts the issuing public key and the issuing-server information with its verification private key to generate a digital certificate, and sends the digital certificate and the verification public key to the trusted-time issuing device. The authentication device is set up by a trusted certification authority, and the digital certificates it issues are trusted certificates.
The trusted-time issuing device sends the digital certificate and the verification public key to the evidence-deposit device. The evidence-deposit device stores the received second serial data in association with the first serial data. The evidence-deposit device sends an evidence-deposit certificate to the user's APP; the certificate records the first serial data, the user's real name and the deposit time corresponding to the trusted time information.
Through the APP the user can deposit evidence, and view and manage the deposited electronic data and the related certificates. When the user needs to produce evidence, the user selects the electronic data to be produced using the APP's evidence-production function, and the APP sends an evidence-production request to the evidence-deposit device. The request carries the first serial data uniquely corresponding to the electronic data to be produced. The evidence-deposit device determines the second serial data from this first serial data and sends the second serial data and the verification public key to the user's APP.
Verifying the digital certificate in the second serial data with the verification public key determines whether the identity of the trusted-time issuing device is legitimate. If this verification succeeds, the signature of the second serial data is verified with the issuing public key in the digital certificate; after that verification succeeds, the first serial data and the trusted time information proving the time at which the first serial data was fixed are obtained. The integrity of the electronic data can then be verified using the first serial data; for the specific verification process, refer to the above embodiment, which is not repeated here.
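The walkthrough above, end to end, as an added example that is not part of the patent: hash on upload, timestamp issuance, and the three-stage check at evidence production (certificate, then timestamp signature, then data hash). It assumes SHA-256 as the preset hash algorithm, uses a Lamport one-time hash-based signature as a standard-library stand-in for the unspecified signing algorithm, and models the authentication device's "encryption" with the verification private key as a signature; every function name, the device name `tsa-01.example` and all sample values are constructed.

```python
import hashlib, json, secrets, time

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature (assumed stand-in): ONE message per key pair.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(x) for x in row] for row in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(_bits(msg), sig)))

def _cert_body(issuing_pk, device_info):
    return b"".join(issuing_pk[0] + issuing_pk[1]) + device_info.encode()

def first_serial_data(electronic_data):
    """APP and evidence-deposit device: preset hash algorithm (SHA-256 assumed)."""
    return hashlib.sha256(electronic_data).hexdigest()

def accept_upload(electronic_data, claimed_first):
    """Evidence-deposit device: recompute the validation value and compare."""
    return first_serial_data(electronic_data) == claimed_first

def issue_certificate(verification_sk, issuing_pk, device_info):
    """Authentication device: bind the issuing public key to the device info."""
    return {"issuing_pk": issuing_pk, "device_info": device_info,
            "sig": sign(verification_sk, _cert_body(issuing_pk, device_info))}

def issue_second_serial_data(issuing_sk, cert, first, received_at=None):
    """Trusted-time issuing device: the time is when the request is received."""
    t = int(time.time()) if received_at is None else received_at
    payload = json.dumps({"first_serial_data": first, "trusted_time": t},
                         sort_keys=True).encode()
    return {"payload": payload, "sig": sign(issuing_sk, payload), "certificate": cert}

def verify_evidence(electronic_data, second, verification_pk):
    """Relying party: check certificate, then signature, then the data hash."""
    cert = second["certificate"]
    body = _cert_body(cert["issuing_pk"], cert["device_info"])
    if not verify(verification_pk, body, cert["sig"]):
        return ("untrusted issuing device", None)
    if not verify(cert["issuing_pk"], second["payload"], second["sig"]):
        return ("timestamp signature invalid", None)
    claims = json.loads(second["payload"])
    if not accept_upload(electronic_data, claims["first_serial_data"]):
        return ("data does not match first serial data", None)
    return ("ok", claims["trusted_time"])

def demo():
    cad = b"constructed sample standing in for the user's CAD file"
    verification_sk, verification_pk = keygen()   # authentication device
    issuing_sk, issuing_pk = keygen()             # trusted-time issuing device
    cert = issue_certificate(verification_sk, issuing_pk, "tsa-01.example")
    first = first_serial_data(cad)
    second = issue_second_serial_data(issuing_sk, cert, first, 1434412800)
    altered = dict(second, payload=second["payload"].replace(b"1434412800", b"1400000000"))
    other_ca_sk, _ = keygen()                     # not the trusted authority
    other_sk, other_pk = keygen()
    other_cert = issue_certificate(other_ca_sk, other_pk, "tsa-01.example")
    uncertified = issue_second_serial_data(other_sk, other_cert, first, 1400000000)
    return {
        "upload_corrupted": accept_upload(cad[:-1], first),
        "genuine": verify_evidence(cad, second, verification_pk),
        "edited_file": verify_evidence(cad + b"!", second, verification_pk),
        "altered_time": verify_evidence(cad, altered, verification_pk),
        "uncertified_issuer": verify_evidence(cad, uncertified, verification_pk),
    }

if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the trusted time is only read out of the second serial data after both the certificate and the signature have verified, so a verifier never acts on an unauthenticated time value.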
Fig. 2 is a flowchart of another electronic data processing method provided by an embodiment of the present invention. As shown in Fig. 2, the method provided by this embodiment can be performed by the trusted-time issuing device and can be implemented in cooperation with the method applied to the evidence-deposit device; for its implementation, refer to the description of the above embodiments, which is not repeated here.
The electronic data processing method provided by this embodiment specifically includes:
Step B101: receive a trusted-time issuing request, carrying the first serial data, sent by the evidence-deposit device, and issue trusted time information based on the time at which the request is received, where the first serial data is generated from a piece of electronic data and is uniquely related to the electronic data;
Step B102: send a response to the evidence-deposit device, where the response includes the second serial data, and the second serial data includes the first serial data and the trusted time information.
In the electronic data processing method provided by this embodiment, the trusted-time issuing device issues a trusted timestamp for the first serial data uniquely related to the electronic data, which provides proof of time for the electronic data. The first serial data enables verification of the integrity of the electronic data, ensuring its integrity. The trusted time information is issued by a trusted-time issuing device whose time is synchronized from a trusted time source, ensuring the credibility of the time of the electronic data. Moreover, the processing of the electronic data is carried out by the evidence-deposit device of a third party that has no conflict of interest with the user, which improves the credibility of the electronic data as electronic evidence.
In this embodiment, the method can further comprise the following step:
Before sending the response to the evidence-deposit device, sign the second serial data with the issuing private key.
In this embodiment, the method can further comprise the following steps:
Send the issuing public key and the trusted-time issuing device information to the authentication device;
The authentication device encrypts the issuing public key and the trusted-time issuing device information with the verification private key to generate a digital certificate, and sends the digital certificate and the verification public key;
Receive the digital certificate and the verification public key sent by the authentication device, and send the digital certificate and the verification public key to the evidence-deposit device.
Fig. 3 is a schematic structural diagram of an evidence-deposit device provided by an embodiment of the present invention. As shown in Fig. 3, the evidence-deposit device 31 provided by this embodiment can implement each step of the electronic data processing method applied to the evidence-deposit device; its implementation is not repeated here.
The evidence-deposit device 31 provided by this embodiment specifically includes:
A first processing unit 11, configured to obtain and store the first serial data, where the first serial data is generated from a piece of electronic data and is uniquely related to the electronic data;
A time request unit 12, configured to send a trusted-time issuing request carrying the first serial data to the trusted-time issuing device, so that the trusted-time issuing device issues trusted time information based on the time at which it receives the request;
A second processing unit 13, configured to receive the response of the trusted-time issuing device, where the response includes the second serial data, and the second serial data includes the first serial data and the trusted time information;
A third processing unit 14, configured to store the second serial data in association with the first serial data.
The evidence-deposit device 31 provided by this embodiment uses the first serial data to verify the integrity of the electronic data, ensuring its integrity. The trusted time information is issued by a trusted-time issuing device whose time is synchronized from a trusted time source, ensuring the credibility of the time of the electronic data. Moreover, the processing of the electronic data is carried out by a third party that has no conflict of interest with the user, which improves the credibility of the electronic data as electronic evidence.
In this embodiment, the first processing unit 11 can also be configured to receive the first serial data and the electronic data sent by the user equipment, and to verify the integrity of the electronic data using the first serial data; if verification succeeds, the electronic data and the first serial data are stored in association.
In this embodiment, the second serial data has been signed by the trusted-time issuing device with the issuing private key.
In this embodiment, the second processing unit 13 is further configured to receive the digital certificate and the verification public key sent by the trusted-time issuing device, where the digital certificate is generated by the authentication device encrypting the issuing public key and the issuing-server information with the verification private key.
Fig. 4 is a schematic structural diagram of another evidence-deposit device provided by an embodiment of the present invention. As shown in Fig. 4, in this embodiment the evidence-deposit device 31 can further include:
An evidence-production unit 15, configured to send the second serial data, the digital certificate and the verification public key.
In this embodiment, the evidence-deposit device 31 can further include:
An encryption unit 16, configured to encrypt the electronic data according to encrypted-storage indication information received from the user equipment, or upon determining that the electronic data is encryption data.
In this embodiment, the first processing unit 11 can also be configured to process the electronic data according to a preset hash algorithm to obtain a validation value and to compare the validation value with the first serial data; if the validation value and the first serial data are identical, verification succeeds.
In this embodiment, the first processing unit 11 can also be configured so that, if the validation value and the first serial data differ, verification fails and retransmission indication information is sent to the user equipment.
In this embodiment, the evidence-deposit device 31 can further include:
A save receipt unit 17, configured to send a save-success receipt message to the user equipment, where the save-success receipt message includes the description information of the electronic data and the time information of passing integrity verification.
In this embodiment, the first processing unit 11 can also be configured to receive self-description information sent by the user equipment and to store the self-description information in association with the first serial data.
Fig. 5 is a schematic structural diagram of a trusted-time issuing device provided by an embodiment of the present invention. As shown in Fig. 5, the trusted-time issuing device 32 provided by this embodiment can implement each step of the electronic data processing method applied to the trusted-time issuing device; its implementation is not repeated here.
The trusted-time issuing device 32 provided by this embodiment specifically includes:
A receiving unit 21, configured to receive a trusted-time issuing request, carrying the first serial data, sent by the evidence-deposit device, and to issue trusted time information based on the time at which the request is received, where the first serial data is generated from a piece of electronic data and is uniquely related to the electronic data;
A response unit 22, configured to send a response to the evidence-deposit device, where the response includes the second serial data, and the second serial data includes the first serial data and the trusted time information.
The trusted-time issuing device provided by this embodiment issues trusted time information, based on the time at which the request is received, for the first serial data uniquely associated with a piece of electronic data, ensuring the credibility of the time of the electronic data. The first serial data enables verification of the integrity of the electronic data, ensuring its integrity. Moreover, the processing of the electronic data is carried out by a third party that has no conflict of interest with the user, which improves the credibility of the electronic data as electronic evidence.
Fig. 6 is a schematic structural diagram of another trusted-time issuing device provided by an embodiment of the present invention. As shown in Fig. 6, the trusted-time issuing device 32 provided by this embodiment can further include:
A signature unit 23, configured to sign the second serial data with the issuing private key.
The trusted-time issuing device 32 provided by this embodiment can further include:
An authentication unit 24, configured to send the issuing public key and the trusted-time issuing device information to the authentication device, and to receive the digital certificate and the verification public key sent by the authentication device, where the digital certificate is generated by the authentication device encrypting the issuing public key and the trusted-time issuing device information with the verification private key;
Correspondingly, the response unit 22 is further configured to send the digital certificate and the verification public key to the evidence-deposit device.
Fig. 7 is a schematic structural diagram of an electronic data processing system provided by an embodiment of the present invention. As shown in Fig. 7, the electronic data processing system provided by this embodiment includes the evidence-deposit device 31 provided by any embodiment of the present invention and the trusted-time issuing device 32 provided by any embodiment of the present invention.
Fig. 8 is a schematic structural diagram of another electronic data processing system provided by an embodiment of the present invention. As shown in Fig. 8, in this embodiment the system can further include:
An authentication device 33, configured to receive the issuing public key and the issuing-server information sent by the trusted-time issuing device 32, to encrypt the issuing public key and the issuing-server information with the verification private key to generate a digital certificate, and to send the digital certificate and the verification public key to the trusted-time issuing device 32.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims: 28
Application number: CN201510334401.5A
Title: Processing method, equipment and the system of electronic data
Priority date: 2015-06-16
Filing date: 2015-06-16
Status: Active
Publications: CN106257483A (2016-12-28); CN106257483B (2018-08-07)
Family ID: 57713290
Country status: CN (1), CN106257483B (en)
